<?php
/*
    GUMUD is Extensible Web-based Multi-User Dungeon Software.

    Copyright (C) 2013  White Rabbit

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
session_start();
include("path.php");
include($itx['relpath']."web-ps/config/w-m-config.php");
include($itx['relpath']."web-ps/includes/webFactory.php");
$_SESSION = initSession($_SESSION);
if (!isset($_SESSION['token'])) {
	$token=md5(uniqid(rand(), true));
	$_SESSION['token'] = $token;
}
$token = $_SESSION['token'];
$itx['get'] = safeGet($_GET);
define("unixtime",time());
define("prettytime",getPrettyTime(unixtime));

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
if (($payment_status == "Completed")) {
if ($_POST['receiver_email'] == myPPemail) {
$itx['tempamt'] = floor($payment_amount*100);
$itx['user']['uuid'] = file_get_contents("http://".gridURL."index.php?scripthandshakeID=".scripthandshakeID."&request=getUserByEmail&value=".urlencode($payer_email));
$itx['tempwallet'] = file_get_contents("http://".gridURL."index.php?scripthandshakeID=".scripthandshakeID."&request=GETxchangeWallet&uuid=".$itx['user']['uuid']);
$itx['tempamt2'] = $itx['tempamt'] + $itx['tempwallet'];
file_get_contents("http://".gridURL."index.php?scripthandshakeID=".scripthandshakeID."&request=SETxchangeWallet&uuid=".$itx['user']['uuid']."&amount=".$itx['tempamt2']);
}
}
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
if((PPtestMode == TRUE) AND (scripthandsakeID == $get['scripthandshakeID'])) {
$itx['tempamt'] = floor($get['itemid']);
$itx['user']['uuid'] = file_get_contents("http://".gridURL."index.php?scripthandshakeID=".scripthandshakeID."&request=getUserByEmail&value=".urlencode($get['ob1']));
$itx['tempwallet'] = file_get_contents("http://".gridURL."index.php?scripthandshakeID=".scripthandshakeID."&request=GETxchangeWallet&uuid=".$itx['user']['uuid']);
$itx['tempamt2'] = $itx['tempamt'] + $itx['tempwallet'];
file_get_contents("http://".gridURL."index.php?scripthandshakeID=".scripthandshakeID."&request=SETxchangeWallet&uuid=".$itx['user']['uuid']."&amount=".$itx['tempamt2']);
}
?>
